Skip to content
@spdx

SPDX

SPDX is an open standard for communicating SBOM information, including provenance, license, security, and other related information. ISO/IEC 5962:2021
README.md

System Package Data Exchange (SPDX)

Main Website: https://spdx.dev/

This organization houses the primary development activity for SPDX. Use the categories below to find the repositories you are interested in.

Learning about SPDX SBoM and Examples

These repositories are useful if you are looking for more information about how to use SPDX and example SPDX files.

  • using - This repository contains long-form text that explains how to use SPDX, or walks readers through various SPDX use cases.
  • spdx-examples - This repository contains example SPDX files covering various versions and use cases

SPDX SBoM Tooling

These repository contain SPDX related tools and code bindings, which are useful if you want to produce or consumer SPDX documents.

Python

Go

  • tools-golang - Go library for dealing with SPDX documents
  • spdx-go-model - Low level Go library for reading and writing SPDX documents

Java

  • tools-java - Java command line utility for managing and converting SPDX documents
  • spdx-java-library - Java library supporting reading, writing, converting, and validating SPDX documents
  • spdx-java-* - Support libraries used by the spdx-java-library. Descriptions of these repos can be found in the spdx-java-library API documentation

JavaScript

  • tools-ts - TypeScript / JavaScript library for writing SPDX documents

SPDX Licenses

These repositories are related to the SPDX License List

SPDX 3 SBoM Model

These repositories define the SPDX 3 SBoM Standard

  • spdx-3-model - This is the main SPDX 3 model files. If you would like to modify or extend the SPDX 3 specification, start here.
  • spdx-spec - Source for the canonical SPDX specification at spdx.github.io/spdx-spec/. This contains static content like chapters and annexes. For the model files, see spdx-3-model.
  • spec-parser - This is the tool that translates the SPDX 3 model files from Markdown to various outputs

Community

These repositories are related to the SPDX Community activities

  • meetings - Information about SPDX meetings including schedule, links to join, minutes, etc.
  • outreach - Outreach resources for SPDX (e.g. Conference talks, presentations, etc.)
  • governance - Governance practices for the SPDX Working Group.

Pinned Loading

  1. spdx-3-model spdx-3-model Public

    The model for the information captured in SPDX version 3 standard.

    95 56

  2. spdx-spec spdx-spec Public

    The System Package Data Exchange (SPDX) specification in Markdown and HTML formats.

    Python 343 148

  3. tools-python tools-python Public

    A Python library to parse, validate and create SPDX documents.

    Python 227 146

  4. license-list-XML license-list-XML Public

    Source XML and test text files for the SPDX License List

    Makefile 423 341

  5. tools-java tools-java Public

    SPDX Command Line Tools using the Spdx-Java-Library

    Java 81 42

  6. tools-golang tools-golang Public

    Collection of Go packages to work with SPDX files

    Go 153 64

Repositories

Showing 10 of 81 repositories
  • spdx-online-tools Public

    Source for the website providing online SPDX tools

    spdx/spdx-online-tools’s past year of commit activity
    JavaScript 66 Apache-2.0 60 31 (2 issues need help) 16 Updated Oct 14, 2025
  • spdx-java-v3jsonld-store Public

    Serializable store supporting the SPDX spec version 3 JSON-LD format

    spdx/spdx-java-v3jsonld-store’s past year of commit activity
    Java 2 Apache-2.0 2 4 1 Updated Oct 14, 2025
  • tools-golang Public

    Collection of Go packages to work with SPDX files

    spdx/tools-golang’s past year of commit activity
    Go 153 64 35 2 Updated Oct 14, 2025
  • using Public

    Information on how to use the SPDX specification

    spdx/using’s past year of commit activity
    Shell 4 4 8 4 Updated Oct 14, 2025
  • spdx-java-jackson-store Public

    JSON storage implementation for the SPDX tools

    spdx/spdx-java-jackson-store’s past year of commit activity
    Java 7 Apache-2.0 8 4 0 Updated Oct 13, 2025
  • tools-java Public

    SPDX Command Line Tools using the Spdx-Java-Library

    spdx/tools-java’s past year of commit activity
    Java 81 Apache-2.0 42 13 1 Updated Oct 13, 2025
  • spdx-java-model-2_X Public

    Java model files for version 2.X

    spdx/spdx-java-model-2_X’s past year of commit activity
    Java 1 Apache-2.0 3 1 1 Updated Oct 13, 2025
  • spdx-model-to-java Public

    Generates Java source files from the SPDX spec version 3+ suitable for inclusion in the SPDX Java Library

    spdx/spdx-model-to-java’s past year of commit activity
    Java 3 Apache-2.0 2 2 1 Updated Oct 13, 2025
  • Spdx-Java-Library Public

    Java library which implements the Java object model for SPDX and provides useful helper functions

    spdx/Spdx-Java-Library’s past year of commit activity
    Java 62 Apache-2.0 41 20 (1 issue needs help) 4 Updated Oct 13, 2025
  • spdx-java-rdf-store Public

    SPDX Tools RDF Support Library

    spdx/spdx-java-rdf-store’s past year of commit activity
    Java 3 Apache-2.0 4 1 2 Updated Oct 13, 2025
View all repositories